Wednesday, 2 April 2008

Intalio offering BPMS as a service

Intalio has announced availability of its novel approach to running BPMS as a service

The Intalio|On Demand servers are powerful enough to run hundreds of thousands of process instances concurrently. Each server has the equivalent of 1.7 GB of memory, 160 GB of storage, CPU capacity of a 32-bit 1.0-1.2 GHz 2007 Opteron or 2007 Xeon processor.

The underlying operating system is rPath Linux, following the Just enough Operating System (JeOS) principle. "This makes the appliance more efficient, smaller, more secure and higher performing than an application running under a full general purpose OS (Wikipedia, JeOS)". The Intalio|On Demand software appliance contains a bare minimal Java 1.5, Open SSH, and Intalio|Server.

The compute power comes from the Amazon Web Services Elastic Compute Cloud (EC2) which gives a fair amount of assurance that capacity and connectivity will be there when you need it.

An organisation using this as a production solution will need to consider its exposure to

  • failure in the cloud removing access to fundamental business process engine and related dashboard information
  • privacy and security of data passing through a commercial computing host in a jurisdiction that may not have the same legislative protections as your business domicile
But at the extreme, you can develop and test a fully functional BPMS and integration solution on a laptop and then deploy it across the cloud to a worldwide collection of services.

2 comments:

Sebastian Stadil said...

On point 1:
The Intalio|On Demand servers are no more vulnerable than local servers. Better yet, since they are maintained by people who know the server and product in gory details, the chance of failure is likely less. In that event, however, we guarantee one (1) business day response time. In most cases, the response time is under 1 hour. As for backups, the data is backed up every minute for the past hour, every hour for the past day, and every day for the past month.

On point 2:
This is a concern to all that do business over the Internet, and if you do not trust established security protocols like https, ssh, and virtual private networks, than we recommend you use our on premise version to install locally.

Does that answer your concerns?

David French said...

My concerns are about organisations not thinking deeply about these issues rather than any intrinsic problems with Intalio|On Demand. Apart from availablity and performance issues that we may face in New Zealand, which at times seems the end of internet universe, keeping the business going through service loss is an increasing problem especially if the business operations are 'through the all encompassing BPMS' rather than 'reported to the back-office systems'.
Point 2 was more concerned with having a key part of an information flow going where it is under different legislative control than you may be used to. By using systems and servers hosted in US could expose data in ways that may not be desirable as privacy and security-related legislation is not universal. (for example, use of Blackberry devices was restricted by some governments because of the offshore servers).
At a technical level, where the BPMS is managing the flow of content that should be protected (consider health information), a systems designer may have to give consideration to end-end encryption/decryption of content routed through the BPMS messages ... which is a bit beyond the network layer protections of https, ssh, and virtual private networks.
I actually think Intalio BPMS is a great technical solution and Intalio|On Demand a really good way of delivering it. However, I think that there are some peripheral issues to be resolved by any serious business that takes it on. I was hoping that you would simply point me a piece of research that pointed out the risks and why they were not an insurmountable problem!